diff options
Diffstat (limited to 'keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml')
| -rw-r--r-- | keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml b/keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml new file mode 100644 index 00000000..065fd541 --- /dev/null +++ b/keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml @@ -0,0 +1,12 @@ +--- +features: + - > + [`blueprint implied-roles <https://blueprints.launchpad.net/keystone/+spec/implied-roles>`_] + Keystone now supports creating implied roles. Role inference rules can now + be added to indicate when the assignment of one role implies the assignment + of another. The rules are of the form `prior_role` implies + `implied_role`. At token generation time, user/group assignments of roles + that have implied roles will be expanded to also include such roles in the + token. The expansion of implied roles is controlled by the + `prohibited_implied_role` option in the `[assignment]` + section of `keystone.conf`. |